Class AuthenticationAPI

java.lang.Object
de.xima.fc.api.ASubAPI
de.xima.fc.api.system.AuthenticationAPI

public class AuthenticationAPI extends ASubAPI
Author:
XIMA MEDIA GmbH
  • Constructor Details

    • AuthenticationAPI

      public AuthenticationAPI()
  • Method Details

    • checkTwoFactorAuthentication

      public Optional<MfaTempTokenInfoDto> checkTwoFactorAuthentication(IUser user) throws UserMfaTempTokenMaxException
      Checks if two-factor authentication is required for the given user.
      Parameters:
      user - the user to check
      Returns:
      an Optional containing an MfaTempTokenInfoDto if two-factor authentication is required, or an empty Optional if it is not required
      Throws:
      UserMfaTempTokenMaxException
      Since:
      8.4.0
    • getActiveClientDescriptor

      public IClientDescriptor getActiveClientDescriptor(UserContext uc, String clientName)
      Returns the client descriptor for the given client name. The client needs to be active.
      Parameters:
      uc - user context for accessing the database.
      clientName - name of the client.
      Returns:
      the client descriptor for the given client name iff it is active and null otherwise.
      Since:
      8.0.0
    • getActiveClientDescriptors

      public Map<String, IClientDescriptor> getActiveClientDescriptors(UserContext uc, Set<String> clientNames)
      Returns the client descriptors for the given client names. The clients need to be active.
      Parameters:
      uc - user context for accessing the database.
      clientNames - names of the clients.
      Returns:
      the client descriptors for the given client names, iff they are active, as a map. The keys of the map entries are the client names.
      Since:
      8.0.0
    • getAuthenticator

      public IAuthenticator<?> getAuthenticator(UserContext uc, UUID callbackUuid)
    • getBackendClientDescriptors

      public List<IClientDescriptor> getBackendClientDescriptors(UserContext uc)
      Finds all active client descriptors that are configured for the backend in order. Clients with credentials authenticators are at the beginning of the list.
      Parameters:
      uc - user context for accessing the database.
      Returns:
      ordered list of all client descriptors configured for the backend.
      Since:
      8.0.0
    • getBackendInputClientDescriptors

      public List<IClientDescriptor> getBackendInputClientDescriptors(UserContext uc)
      Finds all active client descriptors that are configured for the backend and require direct input of credentials (in order).
      Parameters:
      uc - user context for accessing the database.
      Returns:
      ordered list of all active client descriptors configured for the backend that require direct input of user credentials.
    • getBackendRedirectClientDescriptors

      public List<IClientDescriptor> getBackendRedirectClientDescriptors(UserContext uc)
      Finds all active client descriptors that are configured for the backend and redirect the user to an external IDP (in order).
      Parameters:
      uc - user context for accessing the database.
      Returns:
      ordered list of all active client descriptors that are configured for the backend and redirect the user to an external IDP.
      Since:
      8.0.0
    • getClientDescriptorByProfile

      @Nullable public IClientDescriptor getClientDescriptorByProfile(UserContext uc, String clientName)
      Returns the client for the given client name.
      Parameters:
      uc - user context for accessing the database.
      clientName - name of the client (callback UUID or authentication client type name).
      Returns:
      the pac4j client for the given client name or null if none could be found.
      Since:
      8.0.0
    • getClientDescriptorsByTenant

      public List<IClientDescriptor> getClientDescriptorsByTenant(UserContext uc, UUID tenantUuid)
    • getClientDescriptorsByUserPortal

      public PagedResult<IClientDescriptor> getClientDescriptorsByUserPortal(UserContext uc, UserPortal userPortal, int page, int pageSize)
      Since:
      8.2.0
    • getClientDescriptorsByUserPortal

      public PagedResult<IClientDescriptor> getClientDescriptorsByUserPortal(UserContext uc, UUID userPortalUuid, int page, int pageSize)
      Since:
      8.4.0
    • getClientNamesByUserPortalAlias

      public Set<String> getClientNamesByUserPortalAlias(UserContext uc, String portalAlias)
    • getRestClientDescriptors

      public Set<IClientDescriptor> getRestClientDescriptors(UserContext uc)
      Finds all active client descriptors that are available for the REST API.
      Parameters:
      uc - user context for accessing the database.
      Returns:
      a set of all active client descriptors available for the REST API.
      Since:
      8.2.0
    • getUserProfileByCredentials

      public org.pac4j.core.profile.UserProfile getUserProfileByCredentials(UserContext uc, UUID callbackUuid, String userName, String password)
      Gets the user profile for the given authenticator. Only allowed for LDAP authenticators at the moment.
      Parameters:
      uc - user context for accessing the database.
      callbackUuid - callback UUID of the authenticator
      userName - of the user
      password - of the user
      Returns:
      the pac4j UserProfile of the user if the user was successfully validated.
      Since:
      8.0.0
    • isTwoFactorAuthenticationRequired

      public boolean isTwoFactorAuthenticationRequired(IUser user)
      Checks if two-factor authentication is required for the given user.
      Parameters:
      user - the user to check
      Returns:
      true if two-factor authentication is required, false otherwise
      Throws:
      IllegalArgumentException - if the user is null or not authenticated
      Since:
      8.4.0
    • hasReachedMaxTokenLimit

      public boolean hasReachedMaxTokenLimit(IUser user)
      Returns whether the user has reached the maximum number of temporary MFA tokens allowed.
      Parameters:
      user - the user to check for maximum token limit
      Returns:
      true if the user has reached the maximum token limit, false otherwise
      Throws:
      IllegalArgumentException - if the user is null or does not have a profile
    • loadAuthenticationData

      public AuthenticationData loadAuthenticationData(UserContext uc, AuthenticationDataRequest request)
    • refreshMfaTempToken

    • verifyMfaCode

      Verifies the provided MFA code against a temporary token.
      Parameters:
      code - the MFA code to verify
      tempToken - the temporary token associated with the MFA code
      saveAuthentication - whether to save the authentication state if the code is valid
      Returns:
      the result of the MFA verification, containing details about the verification process
      Throws:
      UserMfaTempTokenNotFoundException - if the temporary token is not found
      UserMfaTempTokenMaxException - if the maximum number of verification attempts for the temporary token has been reached
      UserMfaTempTokenExpiredException - if the temporary token has expired
      Since:
      8.4.0